Configure DNS for Intake Email Business
This guide explains how to configure DNS settings to enable the Intake Email feature for your self-hosted Plane instance. These configurations enable your server to accept messages sent to your project's dedicated Intake address, which are then converted into work items in your project's Intake section.
Prerequisites
Ensure that the Plane server allows inbound traffic on the following email-related ports: 25, 465, and 587.
If any of these ports are currently in use, you can free them by running:
fuser -k 25/tcp 465/tcp 587/tcpGenerate SSL/TLS Certificate for Email Domain
WARNING
Mandatory for Docker Compose deployments only.
Before configuring DNS records for Intake Email, secure your email domain with an SSL/TLS certificate. This ensures encrypted communication between mail servers and improves email trust and deliverability.
Install Certbot
Update your system and install Certbot.bashsudo apt update && sudo apt install certbotFor NGINX:
bashsudo apt install python3-certbot-nginxFor Apache:
bashsudo apt install python3-certbot-apacheGenerate SSL Certificate Choose the method that matches your web server setup:
For NGINX:
bashsudo certbot --nginx -d <mail-domain>For Apache:
bashsudo certbot --apache -d <mail-domain>For standalone (no web server):
bashsudo certbot certonly --standalone -d <mail-domain>Copy Certificate Files Copy the generated certificate files to Plane's expected directory:
bashsudo cp /etc/letsencrypt/live/<mail-domain>/fullchain.pem /opt/plane/data/email/tls/cert.pem sudo cp /etc/letsencrypt/live/<mail-domain>/privkey.pem /opt/plane/data/email/tls/key.pemConfigure Environment Variables Add the following settings to your plane.env file:
bash# If using SMTP_DOMAIN as FQDN (e.g., intake.example.com), # generate a valid SSL certificate and set these paths accordingly. SMTP_DOMAIN=intake.example.com TLS_CERT_PATH=tls/cert.pem TLS_PRIV_KEY_PATH=tls/key.pem INTAKE_EMAIL_DOMAIN=intake.example.comWARNING
Important:
SMTP_DOMAINandINTAKE_EMAIL_DOMAINmust be identical.
Configure DNS records
Create an A Record This record points to the server running your email service.
bashType: A Host: <host-domain> # Example: plane.example.com Value: <public-ip-address> # Your server's public IP address TTL: Auto | 3600TIP
You can alternatively use a CNAME record if you're using a cloud load balancer.
Add an MX Record This record directs email traffic to your mail server.
bashType: MX Host: <mail-domain> # Example: intake.example.com Value: <host-domain> # Same as your A record host Priority: 10 TTL: Auto | 3600Configure an SPF Record This record helps prevent email spoofing.
bashType: TXT Host: <mail-domain> # Example: intake.example.com Value: "v=spf1 ip4:<A-record-ip-host-domain> -all" TTL: Auto | 3600Set Up a DMARC record This record specifies how receiving mail servers should handle authentication failures.
bashType: TXT Host: _dmarc.<mail-domain> # Example: _dmarc.intake.example.com Value: "v=DMARC1; p=reject; rua=mailto:<valid-email-addr>" TTL: Auto | 3600
Verify your configuration
After setting up your DNS records, verify that they're correctly configured:
# Verify A record
dig A <mail-domain>
# Verify MX record
dig MX <mail-domain>
# Verify SPF record
dig TXT <mail-domain>
# Verify DMARC record
dig TXT _dmarc.<mail-domain>You can also use MXToolbox to check for any issues with your DNS configuration.
Test your mail server
Once your DNS records have propagated, test your SMTP connections:
# Test SMTP connection on standard ports
telnet <host-domain> 25
telnet <host-domain> 465
telnet <host-domain> 587Troubleshooting
MX Record issues
- Ensure there's a proper dot at the end of the domain.
- Check that the priority number is correct (lower = higher priority).
- Allow 24-48 hours for DNS changes to fully propagate.
A Record issues
- Verify that the IP address is correct.
- Ensure your mail subdomain matches the MX record.